Having a tough time defining an IT security strategy able to take on big data and the Internet of Things? The panelists on the “Big Data 2.0: Next-Gen Privacy, Security and Analytics” session at last month’s MIT Sloan CIO Symposium feel your pain. One big conundrum for IT security practitioners, the panel agreed, is how enterprises should handle security and data governance amid the coming onslaught of regulations aimed at IoT and big data.
Moderator Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, said companies can’t afford to wait for regulations to come up with a governance strategy; IT security leaders need to figure out where the vulnerabilities are vis-à-vis new technologies — or put themselves at risk.
Rob Thomas, vice president of product development at IBM Analytics, said he likes to think about building data governance strategies like building castles. “When castles were constructed in the 1100s, they [were built as] a place to wage an offensive, to go on offense,” he said. He added that this is exactly how enterprises should approach their data strategies. “If the organization is waiting to hear what the regulations are, and then you respond with a data strategy, you have no chance of being ahead of the market.”
According to Thomas, going on the offense requires knowing what your data assets are, the flow and lifecycle of that data, and who has access to it and why.
Legal repercussions put damper on playing offense in security
However, the task of building a data governance model that can tackle these demands in light of emerging applications such as IoT is easier said than done, said Anthony Christie, CMO of Level 3 Communications, an internet service provider and telecommunications company. If companies get it wrong, the consequences can be costly — and dire. He pointed to his own industry as an example.
“Carriers and internet service providers today … have the ability, in many respects, to proactively play this offense and to stop the number of threats — but the laws around culpability, if you get it wrong, are so grave that right now some of the more conservative providers don’t even want to deal with it,” he said.
So, is there a way to get out ahead of lagging government regulations? Pentland brought up the idea of test beds: specific towns or cities in which companies can experiment with operating under new rules to gauge what consumers and citizens think is working.
Christie also believes test beds are a great opportunity for companies to explore and look for partners to develop their security and data governance strategies. He said these types of relationships have proven beneficial to Level 3, but companies may have to look beyond the obvious partners.
“In [Level 3’s] case, we actually had better success not with other service providers … but with equipment providers, who want to develop their equipment better,” he said.